Douglas Borthwick

Originally published at insumermodel.com

How SkyeMeta Built a SCIF for AI Agents on InsumerAPI

AgentTalk is condition-based access applied to agent-to-agent sessions. Built by SkyeMeta on InsumerAPI, it verifies that every agent in the room meets the same on-chain conditions before information moves — the same model as a Sensitive Compartmented Information Facility (SCIF), where everyone inside has been verified to the same clearance level. Two agents or two hundred. Bilateral negotiations, working groups, town halls. The entire product is built on three InsumerAPI calls: POST /v1/attest for the creator, POST /v1/attest for each joiner, and POST /v1/attest again for re-verification.

The problem: identity is not qualification

Agent protocols handle trust with shared secrets. Agent A presents an API key. Agent B decides whether to trust it. This is identity-based authentication — it proves who you are, not what you are qualified to handle.

In regulated environments, this fails. A trading agent needs to prove collateral positions, not just identity. A legal agent needs to prove its principal holds compliance credentials. A defense agent needs to prove clearance-equivalent attestations. None of these are identity questions.

AgentTalk replaces identity-based auth with qualification-based access. Every agent in the room proves they meet a set of verifiable, on-chain conditions before any information moves. The conditions are composable — up to 10 per channel, across any mix of 33 chains.

The architecture: three API calls

AgentTalk is a thin session layer over InsumerAPI. The entire product runs on three endpoints that each call POST /v1/attest under the hood:

  1. Declare (POST /api/agenttalk/declare): Creator opens a channel with conditions, a wallet address, and a capacity (2 for bilateral, or as many as the room needs). AgentTalk calls InsumerAPI POST /v1/attest with format: "jwt" to verify the creator's wallet. If the attestation passes, a channel is created with a channelId and a conditionsHash (SHA-256 of the canonical JSON conditions). With autoStart: true, the session is live immediately and agents join on the fly.
  2. Join (POST /api/agenttalk/join): Agents submit their wallets to the channel. AgentTalk calls InsumerAPI POST /v1/attest for each joiner's wallet. Each agent's attestation JWT is stored with the session. For standard channels, the session activates when capacity is reached. For autoStart channels, agents join the live session immediately.
  3. Enforce (POST /api/agenttalk/session): Re-verify the session at any time. AgentTalk calls POST /v1/attest for every wallet against the original conditions. Agents who no longer qualify are ejected — the session continues for everyone else. The creator can also kick agents (POST /api/agenttalk/session with action: "kick"), and agents can leave voluntarily (action: "leave").

Only the channel creator needs an InsumerAPI key. Every other agent provides only a wallet address — the creator's key covers all attestation calls. Free tier: 10 calls, no signup.

The combination is the security

A SCIF doesn't check one thing. AgentTalk supports up to 10 composable conditions per channel:

POST /api/agenttalk/declare
{
  "wallet": "0x...",
  "conditions": [
    { "type": "token_balance", "chainId": 1,
      "threshold": 1000000, "decimals": 6,
      "label": "USDC >= $1M on Ethereum" },
    { "type": "token_balance", "chainId": 137,
      "threshold": 500000, "decimals": 6,
      "label": "USDC >= $500K on Polygon" },
    { "type": "nft_ownership", "chainId": 1,
      "label": "Series 7 attestation NFT" },
    { "type": "nft_ownership", "chainId": 1,
      "label": "KYC credential" },
    { "type": "nft_ownership", "chainId": 8453,
      "label": "NDA attestation on Base" },
    { "type": "eas_attestation",
      "label": "Accredited investor (EAS)" }
  ]
}

Six conditions, three chains, every agent in the room, all must pass. But this is one configuration — not the ceiling. An agent can require a single token check on one chain, or crank it to ten conditions spanning all 33. And the room can hold two agents or two hundred. The strength of the lock and the size of the room are at the creator's discretion.

Each condition maps to a single InsumerAPI condition object — token_balance, nft_ownership, or eas_attestation. The API evaluates all conditions in a single call and returns a signed boolean per condition. The conditionsHash binds the exact conditions evaluated to the cryptographic proof.

Dynamic enforcement

Access in a SCIF is not permanent. Clearance lapses, and access is revoked. AgentTalk works the same way.

The re-verify endpoint (POST /api/agenttalk/session) re-attests every wallet live against the original conditions. Any agent whose wallet no longer meets a condition — the Series 7 NFT was revoked, the USDC balance dropped below threshold, the NDA attestation expired — is ejected from the session. The rest stay. The creator can also kick agents manually, and agents can leave voluntarily.

This is dynamic access enforcement. The session reflects current on-chain state, not the state at the time of issuance. Sell the token, get ejected from the room.
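The declare, join and re-verify flow described above, modelled in memory as an added example (not AgentTalk's or InsumerAPI's code). The attest() function and the balances in chain are constructed stand-ins for POST /v1/attest, and counting the creator toward capacity and failing closed on an attestation error are assumptions.

```javascript
// Constructed on-chain state: wallet -> token balance (stand-in for live chain reads).
const chain = { '0xaaa': 2_000_000, '0xbbb': 1_500_000, '0xccc': 1_000_000 };

// Hypothetical attestor: evaluates every condition against *current* state.
function attest(wallet, conditions) {
  const results = conditions.map((c) => ({ met: (chain[wallet] ?? 0) >= c.threshold }));
  return { pass: results.every((r) => r.met), results };
}

// Declare: the creator must qualify; the conditions are frozen for the channel's lifetime.
function declare(creator, conditions, capacity) {
  if (!attest(creator, conditions).pass) throw new Error('creator does not qualify');
  const frozen = Object.freeze(conditions.map((c) => Object.freeze({ ...c })));
  return { conditions: frozen, capacity, agents: [creator], active: false };
}

// Join: each joiner is attested against the channel's own conditions, never its own.
function join(channel, wallet) {
  if (channel.agents.includes(wallet)) return false;
  if (channel.agents.length >= channel.capacity) return false;
  if (!attest(wallet, channel.conditions).pass) return false;
  channel.agents.push(wallet);
  if (channel.agents.length === channel.capacity) channel.active = true;
  return true;
}

// Enforce: re-attest every wallet; eject the ones that no longer qualify.
function reverify(channel) {
  const ejected = [];
  channel.agents = channel.agents.filter((wallet) => {
    let ok = false;
    try {
      ok = attest(wallet, channel.conditions).pass;
    } catch {
      ok = false; // fail closed: no fresh attestation means no access
    }
    if (!ok) ejected.push(wallet);
    return ok;
  });
  return ejected; // the session stays live for everyone still in channel.agents
}
```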

What the API returns

Each agent's attestation is an ECDSA-signed (ES256, P-256) response from InsumerAPI, verifiable offline via JWKS:

{
  "sessionId": "ses_51f5c240...",
  "agents": [
    {
      "wallet": "0xd8da6bf2...",
      "attestation": {
        "attestation": {
          "id": "ATST-74BB3943E691B5FF",
          "pass": true,
          "results": [{ "met": true, "conditionHash": "0x..." }],
          "attestedAt": "2026-04-01T02:15:19Z"
        },
        "sig": "17/J229P4P/0F3qr...",
        "kid": "insumer-attest-v1",
        "jwt": "eyJhbGciOiJFUzI1NiI..."
      }
    },
    {
      "wallet": "0x55fe002a...",
      "attestation": { ... }
    }
  ]
}

Every attestation carries sig (base64 P1363), kid (insumer-attest-v1), and a full ES256 JWT. Any third party can verify any agent's attestation offline by fetching the public key from the JWKS endpoint. No callback to InsumerAPI required at verification time.
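Offline verification of an ES256 JWT against a JWKS document, as an added example that is not InsumerAPI's or AgentTalk's code. The key pair, the JWKS and the claims are constructed locally so the block runs without network access; only the kid value and the ES256/P-256/P1363 parameters come from the text above.

```javascript
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (text) => Buffer.from(text, 'base64url');

// Constructed issuer key and JWKS, standing in for the service's published key.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'insumer-attest-v1' }] };

// Issuer side (constructed): sign "header.payload" with ES256.
function signJwt(claims, kid) {
  const input = `${b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT', kid }))}.${b64u(JSON.stringify(claims))}`;
  // JWS carries ECDSA signatures as raw r||s (IEEE P1363), not DER.
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64u(sig)}`;
}

// Verifier side: needs only the JWKS document, no callback to the issuer.
function verifyAttestationJwt(jwt, keySet) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(fromB64u(parts[0]).toString('utf8'));
    claims = JSON.parse(fromB64u(parts[1]).toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; the token must not be allowed to choose it.
  if (!header || header.alg !== 'ES256') return { ok: false, reason: 'bad alg' };
  const jwk = keySet.keys.find((k) => k.kid === header.kid && k.kty === 'EC' && k.crv === 'P-256');
  if (!jwk) return { ok: false, reason: 'unknown kid' };
  const sig = fromB64u(parts[2]);
  if (sig.length !== 64) return { ok: false, reason: 'bad signature' };
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, crv: jwk.crv, x: jwk.x, y: jwk.y }, format: 'jwk' });
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key, dsaEncoding: 'ieee-p1363' }, sig);
  return valid ? { ok: true, claims } : { ok: false, reason: 'bad signature' };
}
```

A valid signature only authenticates the payload. The caller still has to check pass and compare each conditionHash with the conditions it expects.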

Who uses this

AgentTalk is built for regulated industries where every participant must prove qualification before information moves:

  • Finance & Banking: Two trading agents verify collateral before negotiating. A syndication room where 20 lending agents each prove capital commitments before seeing the term sheet.
  • Legal: Law firm agents verify they represent parties to the same matter before sharing discovery. M&A data rooms where every participant verifies escrow deposits before accessing deal terms.
  • Intelligence & Defense: A multi-agency briefing room where every autonomous system verifies clearance-equivalent credentials before accessing shared intelligence. ITAR-controlled agents verify export compliance on-chain.
  • Healthcare: HIPAA-qualified data exchange — agents verify compliance attestations before sharing patient data. A clinical trial room where agents from multiple pharma companies verify IRB approvals before sharing interim results.

The InsumerAPI integration

AgentTalk uses exactly one InsumerAPI endpoint: POST /v1/attest. Every call includes format: "jwt" to receive the full ES256 JWT alongside the raw signature. The conditions array is passed through directly — AgentTalk does not interpret, transform, or cache conditions. It is a session layer, not a verification layer. The verification is InsumerAPI.

InsumerAPI returns a conditionHash per condition (SHA-256 of the canonical JSON for that condition), embedded in each signed result. AgentTalk independently computes a conditionsHash over the entire conditions array (SHA-256 of the canonical JSON array) to bind the channel to its declared conditions. Both use sorted-key canonical JSON for deterministic output. Together they create a tamper-evident binding: the channel knows what was declared, and each attestation proves what was evaluated.
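The two hashes described above, sketched as an added example (not AgentTalk's or InsumerAPI's code). The page specifies only sorted-key canonical JSON and SHA-256, so the exact byte-level form used here (no whitespace, keys sorted at every depth, "0x"-prefixed hex) is an assumption, and bindingHolds is a hypothetical helper; the two conditions are taken from the declare example earlier on the page.

```javascript
const crypto = require('node:crypto');

// Serialise with object keys sorted at every depth; array order is preserved,
// so reordering the conditions array changes conditionsHash.
function canonicalJson(value) {
  if (Array.isArray(value)) return `[${value.map(canonicalJson).join(',')}]`;
  if (value !== null && typeof value === 'object') {
    const members = Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonicalJson(value[k])}`);
    return `{${members.join(',')}}`;
  }
  // Reject values JSON cannot represent instead of hashing "null" for them.
  if (typeof value === 'number' && !Number.isFinite(value)) throw new TypeError('non-finite number');
  const text = JSON.stringify(value);
  if (text === undefined) throw new TypeError('value is not JSON-serialisable');
  return text;
}

const sha256Hex = (text) => '0x' + crypto.createHash('sha256').update(text, 'utf8').digest('hex');
const conditionHash = (condition) => sha256Hex(canonicalJson(condition));    // per condition
const conditionsHash = (conditions) => sha256Hex(canonicalJson(conditions)); // whole array

// Hypothetical check: the channel hash matches the declared conditions, and the
// signed results cover exactly those conditions (no extras, none missing).
function bindingHolds(declared, channelHash, results) {
  if (conditionsHash(declared) !== channelHash) return false;
  const expected = declared.map(conditionHash).sort();
  const attested = results.map((r) => r.conditionHash).sort();
  return expected.length === attested.length && expected.every((h, i) => h === attested[i]);
}

// Two conditions from the page's declare example.
const declared = [
  { type: 'token_balance', chainId: 1, threshold: 1000000, decimals: 6, label: 'USDC >= $1M on Ethereum' },
  { type: 'nft_ownership', chainId: 1, label: 'KYC credential' },
];
```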

Storage is ephemeral with TTL-based expiry. Channels and sessions expire automatically. No persistent database, no user accounts, no PII.

What comes next

The session proves every agent was qualified. It does not prove what happened during the session. The natural extension is a co-signed interaction record — all participants sign a shared receipt of the session outcome. A co-signing layer that binds to the AgentTalk sessionId and conditionsHash would close this gap.

The pipeline would be: InsumerAPI attestation proves wallet state (before), AgentTalk session proves all agents met conditions (during), a co-signed record proves all agents agree on the outcome (after). Three layers, independently verifiable, composable.

AgentTalk is live at skyemeta.com/agenttalk. The reference implementation is on GitHub. 10 free calls to start — no signup, no credit card.
